It's only semi relevant. I tried chrome's "https everywhere" extension. I don't know how well it performs really, because shortly after I signed up for Amazon Prime as a trial, and it crashes Silverlight when trying to stream their content so I turned it off.

This is good, but it's designed to solve a different problem. HTTPS only protects against someone sniffing the wire. That's a good thing in today's widespread public wifi world, but it won't protect your default Wordpress admin page sitting there with the default password, your router sitting there with a telnet port open to the world, nor your password database stored in a CSV file. Just as using an armored truck to haul your cash won't help if they just drop it off on the street corner in front of the bank.

I love the sites that throw out things like "we use SSL/HTTPS to protect your security!" OK, great, you're protecting it in transit, how about when it gets where it's going?

lordargent:Is HTTPS even necessary on a site that I never bothered to create a login to.

Depends what you mean by necessary. Without HTTPS any step on your requests journey can see what you are looking at, and then censor it, or alter it (for example inserting ads or even scripts) and neither you nor the server that answered the request will know something has changed en route. Encrypting the communication between you and the server makes it very difficult to do this in most scenarios.

If HTTPS is prioritized, am I going to get a bunch of results that want me to create a login before I can view their content.

HTTPS doesn't mean you need a login, although if you have a login you almost certainly want HTTPS.

The issue that I have with this is that it will exacerbate the IPV4 address shortfall. If every mom and pop shop now thinks that they NEED to have https in order to show their store hours, I feel bad for their hosts. A dedicated IP address for every account/site will start to become an issue.

xria:Without HTTPS any step on your requests journey can see what you are looking at, and then censor it, or alter it (for example inserting ads or even scripts) and neither you nor the server that answered the request will know something has changed en route.

My thinking is ... if I'm reading a random news site, and I'm blocking javascript anyway. Does it really matter?

I thought that, at least according to Snowden, properly implemented crypto is still good. At any rate, SSL is just another tool, and if you can do a man in the middle attack you really don't need to be the NSA to circumvent it. Not a bad thing to have, though.

Mattix:The issue that I have with this is that it will exacerbate the IPV4 address shortfall. If every mom and pop shop now thinks that they NEED to have https in order to show their store hours, I feel bad for their hosts. A dedicated IP address for every account/site will start to become an issue.

It's actually not necessary to use a dedicated IP for each SSL site, thanks to SNI. It seems to be supported by most modern browsers, so it's probably a safe bet. On the other hand, IPV6 would be nice too.